Tue 10 Jun 2008
When Cisco first announced the Unified Communication Server (CallManager) would be based on Linux, my first question was “How much of the system would be available to users?”
I think it is great that Cisco does not require Engineers to understand the underlying system CallManager is built on, but some of us are curious. This tutorial will show you how to create a user on a CUCM 5/6 server with shell access and root privileges.
WARNING: This should not be performed on a Production System! I am not responsible for any destruction to production systems.
- Boot the CUCM server with CentOS 5.1 Disk1
- Type ‘linux rescue’ at the boot: prompt
- Use the chroot command to change the root to the CUCM partition
Type 'chroot /mnt/sysimage'
- Backup the /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow files
cp -a /etc/passwd /etc/passwd.bak
cp -a /etc/group /etc/group.bak
cp -a /etc/shadow /etc/shadow.bak
cp -a /etc/gshadow /etc/gshadow.bak
- These files are protected by the ext2 immutable flag. Check to see if the immutable flag is set. If the immutable flag is set, you will see an ‘i’.
lsattr /etc/passwd /etc/group /etc/shadow /etc/gshadow
- Remove the immutable flag
chattr -i /etc/passwd /etc/group /etc/shadow /etc/gshadow
- Add a new user and set a password
useradd username
passwd username
- Add the immutable flag
chattr +i /etc/passwd /etc/group /etc/shadow /etc/gshadow
- Add the new user to the /etc/sudoers file and give root privileges.
vi /etc/sudoers
Add the following line to the file to give the new user root privileges.
username ALL=(ALL) ALL
- Exit Linux rescue mode
- Login with the new account
- Test various root-level Linux commands with the ‘sudo’ prefix, take a look at the filesystem and play around
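
Seen from the administrator's side, every change this procedure makes leaves a trace that can be audited. The script below is an added example, not part of the original post: it compares /etc/passwd against a known-good copy, lists unrestricted sudoers grants, and reports account files that lack the immutable flag. The function names, the `--audit` driver and the baseline file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: audit a system root for the
# changes made above. Function names and the baseline copy are assumptions.

# Accounts present in the current passwd file but absent from the baseline.
new_accounts() {   # usage: new_accounts BASELINE CURRENT
    awk -F: 'NR == FNR { seen[$1] = 1; next } !($1 in seen) { print $1 }' "$1" "$2"
}

# Users or %groups holding an unrestricted "ALL=(ALL) ALL" sudoers grant.
full_sudo_grants() {   # usage: full_sudo_grants SUDOERS_FILE
    awk '$1 !~ /^#/ && $2 ~ /^ALL=\(ALL(:ALL)?\)$/ && $NF == "ALL" { print $1 }' "$1"
}

# Files lacking the immutable attribute. A file whose attributes cannot be
# read (no lsattr, unsupported filesystem) is reported as well.
not_immutable() {   # usage: not_immutable FILE...
    for f in "$@"; do
        attrs=$(lsattr -d "$f" 2>/dev/null | awk '{ print $1 }')
        case "$attrs" in
            *i*) ;;
            *) echo "$f" ;;
        esac
    done
}

# Driver: sh audit.sh --audit ROOT BASELINE_PASSWD
if [ "${1:-}" = "--audit" ]; then
    root=$2; baseline=$3
    echo "== accounts not in baseline"
    new_accounts "$baseline" "$root/etc/passwd"
    echo "== unrestricted sudo grants"
    full_sudo_grants "$root/etc/sudoers"
    echo "== account files without the immutable flag"
    not_immutable "$root/etc/passwd" "$root/etc/group" "$root/etc/shadow" "$root/etc/gshadow"
fi
```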










June 10th, 2008 at 4:08 am
This is a nice tutorial, thanks
Mark
June 24th, 2008 at 5:06 am
something else for you guys..
once logged in, use sudo /bin/bash to get a root session
June 24th, 2008 at 8:54 am
Thanks James!
August 13th, 2008 at 8:17 pm
I did all of this using kubuntu Hardy KDE 4.0 and was able to browse around, etc. while logged using the live CD.
Once I rebooted the VM, I was unable to use the username/pwd that I had created using the above steps.
Oh, and for anyone that is interested, here are the steps that I took with some annotations:
***********
To boot a vmware from ISO image, edit the respective .vmx file thus:
Open the .vmx file for the image you are using. Look for the lines ide1:0.fileName and ide1:0.deviceType. If you want to install a new guest OS from a CD-ROM or DVD, the defaults are fine. If you’d like to use an ISO image instead of a CD-ROM, however, you’ll need to tweak this a bit. To use an ISO image, change the fileName and deviceType lines to this:
ide1:0.fileName = "/path/to/cd.iso"
ide1:0.deviceType = "cdrom-image"
defaults are
ide1:0.fileName = "auto detect"
ide1:0.deviceType = "cdrom-raw"
Once that’s done, fire up VMware Player. However, instead of letting it boot into the virtual machine, press Esc when you see the screen in Figure 1 (first VMWARE Splash screen…very very FAST - you may have to try this a bunch of times…I did! As soon as you see the cursor change to the hand, click, then, click ESC, but only ONCE). VMware will give you the option of booting from the hard disk or booting from other devices. Select the CD-ROM drive from the boot menu instead of the hard drive. You should be able to move through your installation normally after that.
By the way — and this is one of my favorite features of VMware Workstation — you can download an ISO for a Linux distro and try it out in VMware without even having to take the time to burn it to CD. This feature has helped me avoid wasting a lot of CD-Rs.
*************
# Boot the CUCM server with CentOS 5.1 Disk1
******** I used hardy 8.04 KDE 4.0 .iso image *******
# Type ‘linux rescue’ at the boot: prompt
******** I did not need to do this, I opened up Konsole and changed to /media/disk ******
# Use the chroot command to change the root to the CUCM partition
Type ‘chroot /mnt/sysimage’
******** I did not do this..cd /media/disk ********
# Backup the /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow files
******** Note: I had to change to the etc directory since /etc goes back to root which is the root of ubuntu *******
******** so, just remove the /etc/ from the below commands (or use /media/disk/etc) ********
cp -a /etc/passwd /etc/passwd.bak
cp -a /etc/group /etc/group.bak
cp -a /etc/shadow /etc/shadow.bak
cp -a /etc/gshadow /etc/gshadow.bak
# These files are protected by the ext2 immutable flag. Check to see if the immutable flag is set. If the immutable flag is set, you will see an ‘i’.
******** Use sudo if you have to **********
lsattr /etc/passwd /etc/group /etc/shadow /etc/gshadow
# Remove the immutable flag
chattr -i /etc/passwd /etc/group /etc/shadow /etc/gshadow
# Add a new user and set a password
useradd username
passwd username
# Add the immutable flag
chattr +i /etc/passwd /etc/group /etc/shadow /etc/gshadow
******* Again, sudo for shadow and gshadow
# Add the new user to the /etc/sudoers file and give root privileges.
visudo /etc/sudoers
******* visudo is a pain in the ass…same commands as vi…had to look them up
******* I recommend using visudo as it does special checks to make sure you don’t fubar sudoers
Add the following line to the file to give the new user root privileges.
username ALL=(ALL) ALL
******* for example: dvader ALL=(ALL) ALL
****************
So, should I not be able to boot to UCM and logon as dvader?
or is this only to logon w/ a live CD.
Thanks!
August 13th, 2008 at 8:20 pm
ps…yes, I copied and pasted all of the instructions for the vmware stuff from another place on the net. I wish I could give credit…but..I just closed out all my browsers.
My apologies to the original poster on that!
August 13th, 2008 at 9:44 pm
ok…I figured this out!!!
When doing “adduser” I was actually adding it to the liveCD version! in other words, I was modifying /etc/passwd, group, shadow, gshadow, etc when doing the “adduser” command.
So, I opened up those files in a text editor, then opened up /media/disk/etc/passwd..etc and copied/pasted the new user info.
also, when doing sudo visudo sudoers, I had to use the -f flag to look to the local command line otherwise, I was also editing /etc/sudoers (my liveCD filesystem)
i.e: ubuntu@ubuntu:/media/disk/etc$ sudo visudo -f sudoers
also, note: I noticed that I did not have access via Konsole to /media/disk until I opened it up in Dolphin (the file manager)…not sure if I tried too quickly or not, but…if anyone else does this…there ya go.
So…thanks for pointing me in the right way..hopefully, my notes can be of assistance to someone.
August 13th, 2008 at 10:34 pm
Robert,
Thanks for sharing your notes with us! I really enjoy seeing someone take another approach. Great job!
Please try to find the author of the above procedure. I would like to give credit.
Josh
October 8th, 2008 at 3:09 pm
Robert, your procedure was failing exactly because you did not chroot to the CCM partition.
Though the workaround you found is just as fine.
October 9th, 2008 at 3:12 am
Getting root access on a Cisco CallManager 6.x…
Some time ago I installed a Cisco CallManager 6 for testing. Since I can't stand black boxes, I tried to see whether it would be possible to get proper shell access…
……